
Trojan.Crypt.VB.U

Posted: December 19, 2011

Threat Metric

Threat Level: 9/10
Infected PCs: 79
First Seen: December 19, 2011
OS(es) Affected: Windows

Trojan.Crypt.VB.U is a ransomware Trojan that encrypts a wide range of files on your PC to make them unusable, then offers a decryption tool to restore the files if you're willing to pay a sixty-nine-dollar fee. Unlike some other types of ransomware Trojans, Trojan.Crypt.VB.U actually does follow through with its threats to encrypt your files and does provide a genuine decryption tool. Even so, SpywareRemove.com malware experts recommend that you remove Trojan.Crypt.VB.U with a good anti-malware product and avoid paying its ransom fee. Since Trojan.Crypt.VB.U uses a simplistic XOR-based algorithm that can be decrypted by third-party utilities, you should be able to retrieve your files easily once you've deleted Trojan.Crypt.VB.U. Intriguingly, Trojan.Crypt.VB.U does offer a 'trial' remedy that allows you to decrypt up to three files, and although there's no harm in using this trial once your PC has been infected by Trojan.Crypt.VB.U, there's no real reason to spend money on a wholesale decryption solution that you could get your hands on for free.

Trojan.Crypt.VB.U: As Far As 'Demos' Go, More Dangerous Than You'd Expect

Trojan.Crypt.VB.U attacks were first noted in mid-December of 2011, and although Trojan.Crypt.VB.U's distribution method hasn't yet been confirmed, the timing makes distribution of Trojan.Crypt.VB.U through fake Christmas-related scams and hoaxes very likely. Multiple variants of Trojan.Crypt.VB.U have already been identified, and they exhibit minor differences in behavior: older versions of Trojan.Crypt.VB.U may encrypt more files while newer versions may encrypt files more selectively, and encryption attacks may or may not require a system reboot before they take place. In all cases, however, SpywareRemove.com malware researchers find that Trojan.Crypt.VB.U immediately notifies the victim of its encryption attack by opening a web page.

Rather sneakily, this web page will announce the availability of a decryption product for 'only' $69.00 without telling you that Trojan.Crypt.VB.U is the real cause of the encryption. A link to a free demo will allow you to decrypt up to three files, which lends credibility to the claim that the decryption program genuinely works, and the payment form even accepts the widely used PayPal platform for receiving payments. However, despite these dangling carrots, SpywareRemove.com malware researchers don't recommend using this product regardless of its features, even if Trojan.Crypt.VB.U has managed to encrypt and lock you out of a wide range of important files.

Solving the Trojan.Crypt.VB.U Riddle Without Undue Expenses

Although Trojan.Crypt.VB.U's encryption functions are genuine, SpywareRemove.com malware analysts are happy to find that they also use a basic XOR algorithm that reverses file information and adds obfuscating headers. This algorithm can be cracked by freely available decryption products and doesn't cause any harm to the files that are encrypted, so there's little justification for spending money on the product that Trojan.Crypt.VB.U is advertising with such dishonest cunning. However, removing Trojan.Crypt.VB.U is recommended before you try to salvage your files. Without access to a robust anti-malware scanner this can be difficult to achieve, since Trojan.Crypt.VB.U alters the Registry, conceals files in the Windows directory and launches multiple files as soon as Windows boots.

Safe Mode may allow you to avoid some of Trojan.Crypt.VB.U's attacks long enough for you to launch your choice of anti-malware software; if not, you may need to boot Windows from a USB drive or CD. You should also be watchful for 'Setupp.exe' and 'setupc.exe' in the Processes tab of your Task Manager; these two Trojan.Crypt.VB.U processes will keep each other running and must be terminated simultaneously to deactivate Trojan.Crypt.VB.U. Trojan.Crypt.VB.U will also attempt to conceal file extensions such as '.zip' or '.exe' by altering your Registry, and you should be aware of this and try to avoid launching unfamiliar files until you've removed Trojan.Crypt.VB.U and undone this Registry change.
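
The checks described above can be scripted; the following PowerShell is an added example, not part of the original article or any vendor's tool. It stops the two processes named in the article together and restores visible file extensions. The article does not say which Registry values the Trojan changes, so the `HideFileExt` and `NeverShowExt` locations used here are assumptions based on the standard Windows settings for hiding extensions.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session, preferably in Safe Mode as the article suggests.

# Process names from the article; Get-Process takes them without ".exe".
$names = 'Setupp', 'setupc'

# 1. Record where the binaries live before stopping anything, so the files
#    can be handed to an anti-malware scanner afterwards.
$procs = @(Get-Process -Name $names -ErrorAction SilentlyContinue)
$procs | Select-Object Name, Id, Path | Format-Table -AutoSize

# 2. Stop every match in one call, back to back, so neither process is left
#    running long enough to relaunch the other; then check for a respawn.
if ($procs.Count -gt 0) {
    Stop-Process -Id $procs.Id -Force -ErrorAction SilentlyContinue
    Start-Sleep -Seconds 3
    $back = @(Get-Process -Name $names -ErrorAction SilentlyContinue)
    if ($back.Count -gt 0) {
        Write-Warning "Still running: $($back.Name -join ', '). Boot from clean media and scan offline."
    }
}

# 3. Make file extensions visible again for the current user.
#    Assumption: HideFileExt is the value involved. Its Windows default is 1,
#    so finding 1 here is not by itself a sign of infection.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$cur = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($cur -ne 0) {
    Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 -Type DWord
    Write-Output 'HideFileExt set to 0; takes effect after Explorer restarts or you sign in again.'
}

# 4. Report (do not change) per-type overrides that hide an extension even
#    when HideFileExt is 0. Assumption: exefile and CompressedFolder are the
#    default classes behind .exe and .zip on this machine.
foreach ($class in 'exefile', 'CompressedFolder') {
    $val = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$class" `
                            -Name NeverShowExt -ErrorAction SilentlyContinue
    if ($val) {
        Write-Warning "$class has a NeverShowExt value; review it after the scan."
    }
}
```

The paths printed in step 1 are the files to submit to your anti-malware scanner; stopping the processes does not remove the Trojan's startup entries.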
